I tried booting into Safe Mode, then tried Last Known Good Configuration; neither worked, and each time the system dropped back into Startup Repair. Finally I chose the option Disable Driver Signature Enforcement and was able to boot into normal mode. That option skips the Windows code-integrity check that refuses to load kernel drivers without a valid digital signature (the check implemented by ci.dll, the file that later turned up as "corrupted"), so at that point it looked as though some software or driver I'd recently installed or updated was behind the boot failure.
Days prior I'd been noticing some strange behavior in Windows. I had been unable to access my Gmail and Live accounts: Gmail would sit forever at the initial progress bar, eventually timing out and asking if I wanted to use basic HTML mode; Live would load the initial screen showing my email and then just sit there, and clicks on my Inbox, Sent Items or other folders did nothing. Once I booted with Disable Driver Signature Enforcement, though, there was a new twist: my Google search results were now occasionally being redirected to advertising sites.
It turned out to be malware, a rootkit to be specific.
I ran a full scan with the latest Spybot as well as with Symantec Endpoint Protection, which is installed on all our workplace PCs, but neither found anything.
However, while tracking down other reports of apparent ci.dll corruption, I discovered Kaspersky's TDSSKiller tool. I downloaded and ran it; the scan was quick, taking roughly a minute to complete. Lo and behold, a rootkit, a member of the notorious TDSS family, reported as:
Rootkit.Win32.TDSS.tdl4
I made sure the Cure option was selected, clicked Continue, and let the tool reboot the machine to, hopefully, clean out the rootkit.
Following the removal, I could once again boot into Windows normally, and the anomalous behaviors described above no longer occurred.
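As an added example (not part of the original post, and not Kaspersky's or Microsoft's own tooling), here are the two checks I would run on a machine like this one after the cleanup: verify the Authenticode signatures of the boot-critical binaries that the post's symptoms point at, and confirm that no persistent signing-bypass flags are set in the BCD. It assumes an elevated PowerShell prompt on the booted machine and the standard `%SystemRoot%\System32` layout; the list of files to check is my choice, not something the post specifies.

```powershell
# Added example, not from the original post.
# Run from an elevated PowerShell prompt on the machine after removal.

# Boot-critical files to verify. ci.dll is the Code Integrity library the
# post's symptoms point at; ntoskrnl.exe and winload.exe are the files that
# sit around it in the boot chain. Assumption: standard System32 layout.
$files = @(
    "$env:SystemRoot\System32\ci.dll",
    "$env:SystemRoot\System32\ntoskrnl.exe",
    "$env:SystemRoot\System32\winload.exe"
)

# 1. Authenticode check. A clean Microsoft binary reports Status 'Valid';
#    a patched or swapped file reports 'HashMismatch' or 'NotSigned'.
foreach ($f in $files) {
    if (Test-Path $f) {
        $sig = Get-AuthenticodeSignature -FilePath $f
        "{0,-50} {1,-14} {2}" -f $f, $sig.Status, $sig.SignerCertificate.Subject
    } else {
        "{0,-50} MISSING" -f $f
    }
}

# 2. BCD check. 'testsigning' and 'nointegritychecks' are the persistent
#    equivalents of the one-shot F8 "Disable Driver Signature Enforcement"
#    option; on a production machine neither should be present/Yes.
$bcd   = bcdedit /enum all
$flags = $bcd | Select-String -Pattern 'testsigning|nointegritychecks'
if ($flags) {
    $flags | ForEach-Object { "BCD signing-bypass flag: $($_.Line.Trim())" }
} else {
    "BCD: no signing-bypass flags set"
}
```

One caveat: an active kernel rootkit can hide files and lie to user-mode tools, so these checks are only trustworthy after the machine has been cleaned (as with TDSSKiller above) or when run against the disk from a separate boot environment. They also say nothing about the MBR, which is where this family persists; that is the part TDSSKiller's Cure step addresses.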
8 comments:
This was spot on. Followed your instructions and was up and running without the normal pain and suffering!
Thanks!
thanks bud! this really helped me!
Thank you! Had this problem today and your solution worked great!!!
thanks so much...
Thank you! You saved me! (and my computer from a clean install...)
Do you know if there is any AntiVirus software out there that can detect this virus?
To all whom this helped, you're welcome!
@Nadav: My machine hasn't since been reinfected with this rootkit so I don't know, but since Kaspersky's tool detected it, perhaps their antivirus suite also has the ability to find and remove rootkits like this one?
Google redirecting was my first symptom, but nothing picked up anything, so I thought it might have been a security issue with the browser itself, so I updated and thought nothing was wrong. Then everything happened exactly the same way; your solution was a huge help. Though I had to load the page on another computer, damn thing was actively blocking pages that could have helped.
Very helpful post, had the exact same problem!
Thanks!